Legals course of action in Information Technology generally speculate information privacy and system security despite being both are typically managed and handled together. Presumably system security is a co-related of information privacy, and so does it serves information system. However, this point of view is so much distorted of the relationship between two sectors.
According to legal institutions in various countries, acknowledge information privacy and system security as separate institutional objectives to reduce the risks of over-conflicts of various data security’s objectives which are counter against information privacy. Information privacy can be defined as ‘collective advantage for group of users, with respect to common interest held by each individual user’. Simultaneously, it’s a right of individual deciding what to do with that information regarding how personal information should be used, processed and even stored on private system or either public system.
Similarly, system security is treated as organizational rules and technical requirements that an organization uses to ensure that system (data) is only accessed by authorised people. Similar facts are relevant to both information privacy as well. The method in which system collect, process and store the information they hold about others reflects privacy policies and system security policies. In 21st century, increasingly number of organisations voluntarily collect personal user information and seeking ways to learn from and create investment from possessed information with the method to form ‘digital Identity’ about personality or characteristic of individual. From perspective of common eyes, whether their personal information is distributed with agreement of organisation collecting it or not, if information ends up in a situation that common individual does not like, it reflects poorly on information privacy policies of organisation and this would raises doubts about system security about organisation. In simple words this also work inverse too, if system security breach is identified in an organisation then off course Information privacy violation occurred. And off-course this will result compromising the progress of technological system development and legitimacy of organisation in public.
Despite the overlaps as I presented in above paragraph; Information privacy and system security are separate vectors pragmatically. According to theoretical concepts, information privacy defines series of polices with medium to collect information that reflects individual’s freedom in deciding what to do with that information and how it needs to be use, processed and stored. In this case professional and experts on information privacy training, or might be more suitable for privacy with more pertinent legal background. Most common certification are Certification in Information Privacy (CIPP), Certification in Information Privacy Technology (CIPT). Whereas system security professionals belong from information technology or computer science training and handles more technical part. Furthermore, the trends circulation of hacking more implicates system security rather than something to do with Information Privacy. And as social media and business networking getting mobilise more rapidly throughout global, we are anticipating more demands in global job markets; professional with technical skilled with system security as well as regulatory training in information privacy.
Information Privacy issues more over handle at executive level and System security trends are to be more departmental issues and is more likely to be handled by sub-contract companies and in some cases insurance companies. On contrary, privacy is considered as ‘strategic’ management issue, which makes Chief Privacy Officers as responsible position. Majority of responsible CPOs often handle system security at strategic level, but as title suggests, the primary objective of CPOs is considered information privacy.
Furthermore the strategy that institutions seeks to prevent privacy breach is different from how they prevent a information leak, at least on granulated level. But however information privacy prevent inappropriate collection, processing or storing of information by organisation itself, this also includes by encrypting the information. On the other hands, System security, keep the data gateway channels and already stored data as secure proof from any invasion.
In this era, future is depended on the advocacy and technical regulations of information privacy and it’s legitimacy in business ethics. And Information privacy regulation can be a proven weapon against such Information abuses, identity theft, hacking and information espionage. In such case system security dominates as regulatory for limiting the ability of information to get public and in scenarios in which information privacy have conflicts with system security should be focal point for policymakers and technical experts.
This post provide a brainstorming on how to think about information privacy and system security relationships and layovers. Information privacy alters the suppositions and premises upon which system security operates and oppositely too. Conclusion is always depended on problems which can be separated, and projected their impact on one another; to get accurate solutions without risk. There is growing of professional trends around customer demands for information privacy and system security; It’s important to understand a way how to relate each other. Rather than establishing new code or procedures of system security which influences information privacy; organisations and regulatory requires to study the changes which might impact the other. System security and information privacy are not identical either objectively or in consumer demand; legal approaches that presumes organisational interest requires necessarily serves public interest in information privacy and system security favourable to organisation interest. Thats why problems in system security regulations doesn’t merely address by information privacy.
Note: Author reserves copyrights for above blog post.